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This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims : 

Claim 1 (Currently Amended): A method for authorizing a transaction by a user using a 
terminal which is capable of communicating with a background system, with steps performed 
by the terminal comprising: 

determining non-confidential identification information which identifies the user, 

sending terminal data to the background system, the terminal data serving to 
authenticate the terminal at the background system, the terminal data comprising user 
identification data from which the identity of the user can be derived, wherein the user 
identification data corresponds to, or has been derived from, the non-confidential 
identification information determined by the terminal, 

receiving secret data assigned to the user from the background system, wherein the 
secret data pertains to a secret that is known to the user, 

presenting the secret given by the secret data to the user, thus signaling to the user that 
the terminal can be trusted, 

determining a personal feature of the user, and 

sending feature data to the background system, wherein the feature data is related to 
the personal feature of the user, and wherein the feature data signals or documents the 
authorization of the transaction by the t*se* user, 

wherein the terminal only requires the user to make the personal feature accessible to 
the terminal, or enter the personal feature at the terminal, after the terminal has presented the 
secret to the user . 

Claim 2 (Previously Presented): The method according to Claim 1, wherein the terminal 
data is secured with at least one of a MAC and a cryptographic signature for authentication at 
the background system. 

Claim 3 (Canceled). 

Claim 4 (Previously Presented): The method according to Claim 1, wherein the secret that 
is presented to the user is at least one of a text information, acoustic information, visual 
information, and tactile information. 
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Claim 5 (Previously Presented): The method according to Claim 1, wherein transaction 
data is also displayed to the user. 

Claim 6 (Previously Presented): The method according to Claim 1, wherein the personal 
feature is a biometric feature of the user. 

Claim 7 (Currently Amended): The method according to Claim 1, further comprising 
receiving acknowledgement data from the background system system, and at least one of 
displaying and printing out an acknowledgement for the user. 

Claim 8 (Currently Amended): A method for authorizing a transaction by a user, the 
method using a background system capable of communicating with a terminal, with steps 
performed by the background system comprising: 

receiving terminal data from the terminal, the terminal data authenticating the terminal 
at the background system, the terminal data comprising user identification data from which 
the identity of the user can be derived, wherein the user identification data corresponds to, or 
has been derived from, non-confidential identification identification information , 

if the authentication of the terminal at the background system has been successful, 
then accessing secret data stored in a database and assigned to the user, and sending 
transmission data from which the secret data can be determined to the terminal, wherein the 
secret data pertains to a secret that is known to the user and that serves to signal to the user 
that the terminal can be trusted, and 

receiving feature data from the terminal, the feature data pertaining at least to a 
personal feature of the user and documenting the authorization of the transaction by the user 
user, 

wherein the feature data is only received from the terminal after the background 
system has sent the transmission data from which the secret data can be determined to the 
terminal . 

Claim 9 (Previously Presented): The method according to Claim 8, wherein the secret data 
pertains to a secret which changes from one transaction to the next. 
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Claim 10 (Previously Presented): The method according to Claim 9, wherein the secret 
data pertains to a secret which depends at least in part on transactions performed previously. 

Claim 11 (Previously Presented): The method according to Claim 8, wherein the feature 
data is checked, and the transaction is considered as authorized by the user only if this check 
is successful. 

Claim 12 (Previously Presented): The method according to Claim 11, wherein 
acknowledgement data is sent to the terminal if the check is successful. 

Claim 13 (Currently Amended): A method for authorizing a transaction by a user using a 
terminal capable of communicating with a background system, with steps comprising: 
determining, by the terminal, non-confidential identification information which 
identifies the user, 

communicating between the terminal and the background system to authenticate the 
terminal at the background system, the communicating comprising that the terminal transmits 
user identification data from which the identity of the user can be derived to the background 
system, wherein the user identification data corresponds to, or has been derived from, the 
non-confidential identification information determined by the terminal, 

if the authentication of the terminal at the background system has been successful, 
then the background system accesses secret data stored in a database and assigned to the user, 
and the background systems system sends transmission data from which the secret data can be 
determined to the terminal, wherein the secret data pertains to a secret that is known to the 
user, 

presenting, by the terminal, the secret given by the secret data to the user, thus 
signaling to the user that the terminal can be trusted, 

determining, by the terminal, a personal feature of the user, and 

performing the transaction using feature data pertaining at least to the personal feature 
of the ttser user, 

wherein the terminal only requires the user to make the personal feature accessible to 
the terminal, or enter the personal feature at the terminal, after the terminal has presented the 
secret to the user. 
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Claim 14 (Previously Presented): The method according to Claim 13, wherein the 
communication processes between the terminal and the background system are protected 
from attacks at least in part by at least one of time stamps, sequence numbers, random 
numbers, and an encryption with a session key. 

Claim 15 (Currently Amended): A terminal which is capable of communicating with a 
background system and which is equipped for authorizing a transaction by a user, wherein the 
terminal comprises: 

a first module that is adapted for determining non-confidential identification 
information which identifies the user, 

a second module that is adapted for sending terminal data to the background system, 
the terminal data serving to authenticate the terminal at the background system, the terminal 
data comprising user identification data from which the identity of the user can be derived, 
wherein the user identification data corresponds to, or has been derived from, the non- 
confidential identification information determined by the terminal, 

a third module that is adapted for receiving secret data assigned to the user from the 
background system, wherein the secret data pertains to a secret that is known to the user, 

a fourth module that is adapted for presenting the secret given by the secret data to the 
user, thus signaling to the user that the terminal can be trusted, 

a fifth module that is adapted for determining a personal feature of the user, and 

a sixth module that is adapted for sending feature data to the background system, 
wherein the feature data is related to the personal feature of the user, and wherein the feature 
data signals or documents the authorization of the transaction by the user user, 

wherein each of the first, second, third, fourth, fifth, and sixth modules are embodied 
on a non-transitory computer readable medium, and 

wherein the fifth module only requires the user to make the personal feature accessible 
to the terminal, or enter the personal feature at the terminal, after the fourth module has 
presented the secret to the user . 
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Claim 16 (Currently Amended): A background system which is capable of communicating 
with a terminal and which is equipped for authorizing a transaction by a user using the 
terminal, wherein the background system comprises: 

a first module that is adapted for receiving terminal data from the terminal, the 
terminal data authenticating the terminal at the background system, the terminal data 
comprising user identification data from which the identity of the user can be derived, 
wherein the user identification data corresponds to, or has been derived from, non- 
confidential identification information, 

a second module that is adapted for authenticating the terminal at the background 
system, and that is further adapted for performing, if the authentication of the terminal at the 
background system has been successful, an operation of accessing secret data stored in a 
database and assigned to the user, and an operation of sending transmission data from which 
the secret data can be determined to the terminal, wherein the secret data pertains to a secret 
that is known to the user and that serves to signal to the user that the terminal can be trusted, 
and 

a third module that is adapted for receiving feature data from the terminal, the feature 
data pertaining at least to a personal feature of the user and documenting the authorization of 
the transaction by the user user, 

wherein each of the first, second, and third modules are embodied on a non-transitory 
computer readable medium, and 

wherein the third module only receives the feature data from the terminal after the 
second module has sent the transmission data from which the secret data can be determined to 
the terminal. 
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Claim 17 (Currently Amended): A system comprising a background system and at least 
one terminal capable of communicating with the background system, wherein the system 
comprises: 

a first module that is a module of the terminal and that is adapted for determining non- 
confidential identification information which identifies the user, 

a second module that is a module of the terminal and that is adapted for sending 
terminal data to the background system, the terminal data serving to authenticate the terminal 
at the background system, the terminal data comprising user identification data from which 
the identity of the user can be derived, wherein the user identification data corresponds to, or 
has been derived from, the non-confidential identification information determined by the 
terminal, 

a third module that is a module of the background system that is adapted for 
authenticating the terminal at the background system and for performing, if the authentication 
of the terminal at the background system has been successful, an operation in which the 
background system accesses secret data stored in a database and assigned to the user, and an 
operation in which the background system sends transmission data from which the secret data 
can be determined to the terminal, wherein the secret data pertains to a secret that is known to 
the user, 

a fourth module that is a module of the terminal and that is adapted for presenting the 
secret given by the secret data to the user, thus signaling to the user that the terminal can be 
trusted, 

a fifth module that is a module of the terminal and that is adapted for determining a 
personal feature of the user, and 

a sixth module that is a module of the terminal and that is adapted for sending feature 
data pertaining at least to the personal feature of the user to the background system, wherein 
the feature data signals or documents that the user has authorized the transaction transaction, 

wherein each of the first, second, fourth, fifth, and sixth modules are embodied on a 
non-transitory computer readable medium at the terminal, 

wherein the third module is embodied on a non-transitory computer readable medium 
at the background system, and 

wherein the fifth module only requires the user to make the personal feature accessible 
to the terminal, or enter the personal feature at the terminal, after the fourth module has 
presented the secret to the user . 
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Claim 18 (Currently Amended): A computer program product comprising a physical 
medium having program instructions for at least one processor of a terminal to cause the at 
least one processor to execute a method for authorizing a transaction by a user, the terminal 
being capable of communicating with a background system, with steps performed by the 
terminal comprising: 

determining non-confidential identification information which identifies the user, 

sending terminal data to the background system, the terminal data serving to 
authenticate the terminal at the background system, the terminal data comprising user 
identification data from which the identity of the user can be derived, wherein the user 
identification data corresponds to, or has been derived from, the non-confidential 
identification information determined by the terminal, 

receiving secret data assigned to the user from the background system, wherein the 
secret data pertains to a secret that is known to the user, 

presenting the secret given by the secret data to the user, thus signaling to the user that 
the terminal can be trusted, 

determining a personal feature of the user, and 

sending feature data to the background system, wherein the feature data is related to 
the personal feature of the user, and wherein the feature data signals or documents the 
authorization of the transaction by the t*sef user, 

wherein the terminal only requires the user to make the personal feature accessible to 
the terminal, or enter the personal feature at the terminal, after the terminal has presented the 
secret to the user. 
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Claim 19 (Currently Amended): A computer program product comprising a physical 
medium having program instructions for at least one processor of a background system to 
cause the at least one processor to execute a method for authorizing a transaction by a user, 
the background system being capable of communicating with a terminal, with steps 
performed by the background system comprising: 

receiving terminal data from the terminal, the terminal data authenticating the terminal 
at the background system, the terminal data comprising user identification data from with 
which the identity of the user can be derived, wherein the user identification data corresponds 
to, or has been derived from from, non-confidential identification information, 

if the authentication of the terminal at the background system has been successful, 
then accessing secret data stored in a database and assigned to the user, and sending 
transmission data from which the secret data can be determined to the terminal, wherein the 
secret data pertains to a secret that is known to the user and that serves to signal to the user 
that the terminal can be trusted, and 

receiving feature data from the terminal, the feature data pertaining at least to a 
personal feature of the user and documenting the authorization of the transaction by the user 
user, 

wherein the feature data is only received from the terminal after the transmission data 
from which the secret data can be determined has been sent to the terminal . 

Claim 20 (Previously Presented): The method according to Claim 1, wherein the secret that 
is presented to the user is at least one of a displayed image, an acoustic output, and tactile 
information. 

Claim 21 (Currently Amended): The method according to Claim 1, wherein the secret that 
is presented to the user is easily identified by the user information suitable for proving to the 
user that there has been a successful authentication of the terminal at the background system . 
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Claim 22 (Previously Presented): The method according to Claim 8, wherein the secret that 
serves to signal to the user that the terminal can be trusted is at least one of a displayed image, 
an acoustic output, and tactile information. 

Claim 23 (Currently Amended): The method according to Claim 8, wherein the secret that 
serves to signal to the user that the terminal can be trusted is easily identified by the user 
information suitable for proving to the user that there has been a successful authentication of 
the terminal at the background system . 
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